Managing network identities
Techniques for managing network identities include generating, with a local computing system, a tree structure representing a network comprising a plurality of entities, the tree structure comprising a plurality of nodes, each node of the plurality of nodes representing an entity of the plurality of entities, at least one entity of the plurality of entities is represented by more than one node of the plurality of nodes; assigning a unique identifier to each node; identifying each node of the plurality of nodes as being a protected node or an unprotected node; and transmitting, to a remote computing system, the tree structure, the unique identifiers for the protected nodes, and identity information of the entities for the unprotected nodes.
This application is a continuation of, and claims priority under 35 U.S.C. §120 to, U.S. patent application Ser. No. 13/463,772, filed May 3, 2012, and entitled “Managing Network Identities,” the entire contents of which are hereby incorporated by reference.
TECHNICAL BACKGROUND
This disclosure relates to managing network identities and, more particularly, protecting identities of entities in a network.
BACKGROUND
A network is made up of a set of entities, such as things, individuals, groups, or organizations, and links between the entities that represent relationships, connections, or interactions between the entities. A user may want to learn generic information about the network. The network, however, may include entities that have strong expectations of privacy, and the user may not have permission to view the identity of such entities. The privacy of these entities needs to be protected while preserving the properties of the network, such as the presence of the entities in the network and the links between the entities. The privacy of these entities is typically protected through anonymization techniques in which information that can be used to identify the entities, such as names, e-mail addresses, phone numbers, and the like, are concealed from the user. Some anonymization techniques, however, do not adequately protect the privacy of the entities in the network.
SUMMARY
This disclosure describes systems, methods, apparatus, and computer-readable media for managing network identities including, for example, the features of generating, with a local computing system, a tree structure representing a network comprising a plurality of entities, the tree structure comprising a plurality of nodes, each node of the plurality of nodes representing an entity of the plurality of entities, at least one entity of the plurality of entities is represented by more than one node of the plurality of nodes; assigning a unique identifier to each node; identifying each node of the plurality of nodes as being a protected node or an unprotected node; and transmitting, to a remote computing system, the tree structure, the unique identifiers for the protected nodes, and identity information of the entities for the unprotected nodes.
In a first aspect combinable with any of the general embodiments, assigning a unique identifier to each node includes generating a number by combining an identification number of the entity associated with the node and identification numbers of entities associated with nodes along a path from a root node of the tree structure to the node; and encrypting the combined number.
In a second aspect combinable with any of the general embodiments, assigning the unique identifier to each node includes assigning a unique number to each node based on a path from a root node of the tree structure to the node.
In a third aspect combinable with any of the general embodiments, assigning a unique identifier to each node includes assigning the unique number to each node based on an order that a user of the remote computing system expands the nodes of the tree structure.
A fourth aspect combinable with any of the general embodiments includes maintaining a mapping of each unique identifier to information about the entity associated with the node associated with the unique identifier.
In a fifth aspect combinable with any of the general embodiments, identifying each node of the plurality of nodes as being a protected node or an unprotected node includes determining that a user of the remote computing system has permission to view identity information of the entity associated with the node; and identifying the node as being an unprotected node.
In a sixth aspect combinable with any of the general embodiments, identifying each node of the plurality of nodes as being a protected node or an unprotected node includes determining that a user of the remote computing system does not have permission to view identity information of the entity associated with the node; and identifying the node as being a protected node.
In a seventh aspect combinable with any of the general embodiments, the at least one entity represented by more than one node of the plurality of nodes is associated with at least one protected node.
Particular embodiments of the subject matter described in this disclosure can be implemented so as to realize none, one, or more of the following advantages. The identity of entities can be protected while revealing generic information about a network, such as the presence of these entities in the network and generic information about these entities, to a user. When an entity is present multiple times in a network, e.g., has a direct and indirect connection to a user, or has multiple indirect connections to the user but no direct connection, and the presence of the entity is represented by multiple instances in a user interface, it will be difficult for a user to infer that each instance is representing the same entity.
These general and specific aspects may be implemented using a device, system or method, or any combinations of devices, systems, or methods. For example, a system of one or more computers can be configured to perform particular actions by virtue of having software, firmware, hardware, or a combination of them installed on the system that in operation causes or cause the system to perform the actions. One or more computer programs can be configured to perform particular actions by virtue of including instructions that, when executed by data processing apparatus, cause the apparatus to perform the actions. The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features, objects, and advantages will be apparent from the description and drawings, and from the claims.
In a general embodiment of the present disclosure, a computing system manages identities of entities in a network. An entity includes, for example, a thing, a person, a group, an organization, or a company. A network includes, for example, a social network, a supplier network, a business-to-business network, a peer-to-peer network, a communication network, a computer network, or a collection of hardware components. A network may be represented by a graph structure. The graph structure can be cyclic or acyclic. The graph structure can include multiple occurrences of the same entity. A node in the graph structure represents an entity in the network. The computing system generates a tree structure from the network graph. In the tree structure, each instance of an entity is represented by a distinct node. As a result, an entity can be represented by multiple distinct nodes in the tree structure. This occurs when, for example, the entity has a direct and an indirect connection to a user, or has multiple indirect connections to the user but no direct connection. The computing system assigns a unique identifier to each distinct node in the tree structure that is opaque relative to the identity information of the entity associated with the node. An identifier is opaque when the identifier does not reveal or include any identity information of the entity. As a result, an entity that is represented by multiple distinct nodes in the tree structure is associated with multiple unique opaque identifiers. This makes it difficult for a user to infer that the multiple nodes represent the same entity when the identity of the entity associated with the nodes is concealed from the user. 
When a user requests information about the network, the computing system transmits the tree structure, the unique identifiers for nodes associated with entities in which identity information is to be concealed from the user, and identity information of entities in which the user has permission to view the identity information.
In general, the computing system 102 may be a server that stores one or more hosted applications 114, where at least a portion of the hosted applications 114 are executed via requests and responses sent to users or clients within and communicably coupled to the illustrated environment 100 of
In some instances, the server 102 may store a plurality of various hosted applications 114, while in other instances, the server 102 may be a dedicated server meant to store and execute only a single hosted application 114. In some instances, the server 102 may include a web server, where the hosted applications 114 represent one or more web-based applications accessed and executed via network 132 by the clients 135 of the system to perform the programmed tasks or operations of the hosted application 114. At a high level, the server 102 includes an electronic computing device operable to receive, transmit, process, store, or manage data and information associated with the environment 100. Specifically, the server 102 illustrated in
In addition to requests from the external clients 135 illustrated in
In the present implementation, and as shown in
Generally, the network 132 facilitates wireless or wireline communications between the components of the environment 100 (i.e., between the server 102 and the clients 135), as well as with any other local or remote computer, such as additional clients, servers, or other devices communicably coupled to network 132 but not illustrated in
Further, all or a portion of the network 132 can include either a wireline or wireless link. Example wireless links may include 802.11a/b/g/n, 802.20, WiMax, and/or any other appropriate wireless link. In other words, the network 132 encompasses any internal or external network, networks, sub-network, or combination thereof operable to facilitate communications between various computing components inside and outside the illustrated environment 100. The network 132 may communicate, for example, Internet Protocol (IP) packets, Frame Relay frames, Asynchronous Transfer Mode (ATM) cells, voice, video, data, and other suitable information between network addresses. The network 132 may also include one or more local area networks (LANs), radio access networks (RANs), metropolitan area networks (MANs), wide area networks (WANs), all or a portion of the Internet, and/or any other communication system or systems at one or more locations.
As illustrated in
At a high level, each of the one or more hosted applications 114 is any application, program, module, process, or other software that may execute, change, delete, generate, or otherwise manage information according to the present disclosure, particularly in response to and in connection with one or more requests received from the illustrated clients 135 and their associated client applications 144. In certain cases, only one hosted application 114 may be located at a particular server 102. In others, a plurality of related and/or unrelated hosted applications 114 may be stored at a single server 102, or located across a plurality of other servers 102, as well. In certain cases, environment 100 may implement a composite hosted application 114. For example, portions of the composite application may be implemented as Enterprise Java Beans (EJBs) or design-time components may have the ability to generate run-time implementations into different platforms, such as J2EE (Java 2 Platform, Enterprise Edition), ABAP (Advanced Business Application Programming) objects, or Microsoft's .NET, among others. In some embodiments, portions of the composite application may be implemented through a single enterprise-class solution for data integration, data quality, data profiling, and text analysis. For example, in some implementations, the enterprise-class solution implemented may address cleansing and standardization of records, such as, for example, database records 120.
Additionally, the hosted applications 114 may represent web-based applications accessed and executed by remote clients 135 or client applications 144 via the network 132 (e.g., through the Internet). Further, while illustrated as internal to server 102, one or more processes associated with a particular hosted application 114 may be stored, referenced, or executed remotely. For example, a portion of a particular hosted application 114 may be a web service associated with the application that is remotely called, while another portion of the hosted application 114 may be an interface object or agent bundled for processing at a remote client 135. Moreover, any or all of the hosted applications 114 may be a child or sub-module of another software module or enterprise application (not illustrated) without departing from the scope of this disclosure. Still further, portions of the hosted application 114 may be executed by a user working directly at server 102, as well as remotely at client 135.
The illustrated server 102 also includes memory 117. Memory 117 may include any memory or database module and may take the form of volatile or non-volatile memory including, without limitation, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), removable media, or any other suitable local or remote memory component. Memory 117 may store various objects or data, including classes, frameworks, applications, backup data, business objects, jobs, web pages, web page templates, database tables, repositories storing business and/or dynamic information, and any other appropriate information including any parameters, variables, algorithms, instructions, rules, constraints, or references thereto associated with the purposes of the server 102 and its one or more hosted applications 114. For example, memory 117 may store database records 120 that contain information associated with an entity. Memory 117 may also store tables 122 that include mappings of unique identifiers to database records 120 for each network displayed on a remote client. Additionally, memory 117 may include any other appropriate data, such as VPN applications, firmware logs and policies, firewall policies, a security or access log, print or other reporting files, as well as others.
The illustrated environment of
Moreover, while each client 135 is described in terms of being used by a single user, this disclosure contemplates that many users may use one computer, or that one user may use multiple computers. As used in this disclosure, client 135 is intended to encompass a personal computer, touch screen terminal, workstation, network computer, kiosk, wireless data port, smart phone, personal data assistant (PDA), one or more processors within these or other devices, or any other suitable processing device. For example, each client 135 may include a computer that includes an input device, such as a keypad, touch screen, mouse, or other device that can accept user information, and an output device that conveys information associated with the operation of the server 102 (and hosted application 114) or the client 135 itself, including digital data, visual information, the client application 144, or the GUI 138. Both the input and output device may include fixed or removable storage media such as a magnetic storage media, CD-ROM, or other suitable media to both receive input from and provide output to users of the clients 135 through the display, namely, the GUI 138.
Further, the illustrated client 135 includes a GUI 138 including a graphical user interface operable to interface with at least a portion of environment 100 for any suitable purpose, including generating a visual representation of the client application 144 (in some instances, the client's web browser) and the interactions with the hosted application 114, including the responses received from the hosted application 114 received in response to the requests sent by the client application 144. Generally, through the GUI 138, the user is provided with an efficient and user-friendly presentation of data provided by or communicated within the system. The term “graphical user interface,” or GUI, may be used in the singular or the plural to describe one or more graphical user interfaces and each of the displays of a particular graphical user interface. Therefore, the GUI 138 can represent any graphical user interface, including but not limited to, a web browser, touch screen, or command line interface (CLI) that processes information in environment 100 and efficiently presents the information results to the user.
In general, the GUI 138 may include a plurality of user interface (UI) elements, some or all associated with the client application 144, such as interactive fields, pull-down lists, and buttons operable by the user at client 135. These and other UI elements may be related to or represent the functions of the client application 144, as well as other software applications executing at the client 135. In particular, the GUI 138 may be used to present the client-based perspective of the hosted application 114, and may be used (as a web browser or using the client application 144 as a web browser) to view and navigate the hosted application 114, as well as various web pages located both internal and external to the server, some of which may be associated with the hosted application 114. For purposes of the present location, the GUI 138 may be a part of or the entirety of the client application 144, while also merely a tool for displaying the visual representation of the client and hosted applications' 114 actions and interactions. In some instances, the GUI 138 and the client application 144 may be used interchangeably, particularly when the client application 144 represents a web browser associated with the hosted application 114.
While
For purposes of illustration, the network graph 200 will be described with respect to a network that includes suppliers. Each company in the network is represented by a node 202. A root node 202a of the network graph 200 represents a company of a user who is requesting information about the supplier network. Links 204 are directed links that connect two nodes. A link 204 points from a node for a company to a node for its supplier. For example, the link 204a points from node 202c for Cola Corp to node 202b for Acme Corp, which is a supplier for Cola Corp.
A user who is requesting information about a network can view the presence of all entities in the network. However, the user may not have permission to view identity information for all the entities in the network. In
In
Referring again to
In the supplier network of
As shown in
Referring again to
At step 308, the computing system transmits the tree structure, the identifiers for the protected nodes, and identity information of the entities for the unprotected nodes to a remote client. The remote client displays to a user a network tree representing the network.
In addition to the identity information of the entities for the unprotected nodes, the computing system may transmit identifiers for the unprotected nodes. These identifiers may be used by the remote client to request further information associated with the nodes from the computing system. In this implementation, the computing system transmits the identifiers for all nodes of the network tree and identity information of the entities for the unprotected nodes to the remote client. The remote client uses the identifiers to request information associated with the nodes, such as non-identifying information of the entities associated with the protected nodes, of the network tree 500 from the computing system.
The computing system and a remote client use the identifier assigned to a node to communicate and request information associated with an entity represented by the node. For example, a remote client uses the identifier “123” to request information associated with the company Acme Corp represented by unprotected node 602b. The remote client uses the same identifier “123” to request information associated with the company Acme Corp represented by protected node 602d. Although the identity information of the company Acme Corp represented by protected node 602d is not displayed to the user of the remote system, the user can infer the identity information of the company represented by the protected node 602d by examining the identifiers that are communicated between the remote client and the computing system for all the nodes in the network tree. By examining the identifiers, the user can determine that the same identifier is used by the remote client and the computing system when communicating information associated with unprotected node 602b and protected node 602d. From this, the user can infer that protected node 602d represents the same company as unprotected node 602b. Therefore, assigning an identifier to a node in a network tree based on an entity's database record identification number may not adequately protect the identity of the entity associated with protected nodes.
For example, the computing system assigns to unprotected node 702b and protected node 702d, which both represent Acme Corp, the identifier “ABC321,” which is an encrypted combination of the database record identification number associated with Acme Corp and the user's identification number. Although the identifiers assigned to the nodes will differ between users of the system, the identifiers for nodes that represent the same company will be identical for a given user. The user can determine that the same identifier is used by the remote client and the computing system when communicating information associated with unprotected node 702b and protected node 702d. From this, the user can infer that protected node 702d represents the same company as unprotected node 702b, even though the actual database record identification number was not transmitted to the remote client. Therefore, assigning an identifier to a node in a network tree based on a combination of an entity's database record identification number and user's identification number may not adequately protect the identity of the entity associated with protected nodes.
For example, the computing system assigns to unprotected node 802b, representing Acme Corp, the identifier “XYZ789,” which is the encrypted combination of the database record identification number associated with Acme Corp and the identification number of the entity associated with the parent node 802a, which is the user's identification number. The computing system assigns to protected node 802d, also representing Acme Corp, the identifier “KLM444,” which is the encrypted combination of the database record identification number associated with Acme Corp and the identification number of the entity associated with the parent node 802c, which is the identification number of Cola Corp. Even though unprotected node 802b and protected node 802d represent the same company, the identifiers for unprotected node 802b and protected node 802d are no longer identical.
However, the identifiers for nodes 802e and 802i, representing Pico Corp, will be identical because the parent nodes 802b and 802d of nodes 802e and 802i represent the same company Acme Corp. Additionally, the identifiers for nodes 802f and 802j, representing YoYo Corp, will be identical because the parent nodes 802b and 802d of nodes 802f and 802j also represent Acme Corp. The user can determine that the same identifier is used by the remote client and the computing system when communicating information associated with unprotected node 802e and protected node 802i. From this, the user can infer that protected node 802i represents the same company Pico Corp as unprotected node 802e. Additionally, the user can determine that the same identifier is used by the remote client and the computing system when communicating information associated with unprotected node 802f and protected node 802j. From this, the user can infer that protected node 802j represents the same company YoYo Corp as unprotected node 802f. Thus, unprotected node 802e represents the same company as protected node 802i, unprotected node 802f represents the same company as protected node 802j, and the parent node 802b of nodes 802e and 802f and the parent node 802d of nodes 802i and 802j are identical. From this, the user can infer that protected node 802d represents the same company Acme Corp as unprotected node 802b. Therefore, assigning an identifier to a node in a network tree based on a combination of an entity's database record identification number and an identification number of an entity represented by a parent node may not adequately protect the identity of the entity associated with protected nodes.
In some implementations, the computing system assigns an identifier to a node in a network tree based on an encrypted combination of an entity's identification number and identification numbers of entities associated with all parent nodes in the supplier network chain. For example, the computing system assigns an identifier to node 802i based on an encrypted combination of Pico Corp's database record identification number, the identification number of Acme Corp represented by parent node 802d of 802i, and the identification number of Cola Corp represented by the parent node 802c of node 802d. This implementation protects identities of entities associated with protected nodes, but only up to N levels of indirection. If N is ten and the network tree has eleven levels, a user can detect duplicate companies at the eleventh level of the network tree.
For example, the computing system assigns to unprotected node 902e, representing Pico Corp, the identifier “QRS354,” which is the encrypted combination of the identification number of the entity associated with the root node 902a, which is the user's company's identification number, the identification number of the entity associated with node 902b, which is Acme Corp's identification number, and the identification number of the entity associated with node 902e, which is Pico Corp's identification number. The computing system assigns to protected node 902i, also representing Pico Corp, the identifier “BCD608,” which is the encrypted combination of the identification number of the entity associated with the root node 902a, which is the user's identification number, the identification number of the entity associated with node 902c, which is Cola Corp's identification number, the identification number of the entity associated with node 902d, which is Acme Corp's identification number, and the identification of the entity associated with node 902i, which is Pico Corp's identification number. Even though unprotected node 902e and protected node 902i represent the same company, the identifiers for unprotected node 902e and protected node 902i are no longer identical. As shown in
The computing system encrypts the encoded identification numbers and transmits the identifier to a remote client. The remote client stores the identifier. When the computing system receives the identifier from a remote client, the computing system decrypts the identifier to identify the company about which the remote client is requesting information. Although encoding identification numbers of companies along the full path from the root node to the node to which the identifier is to be assigned may provide adequate protection of the identity of companies represented by protected nodes, the computing system may require a significant amount of processing time to encrypt, encode, decrypt, and decode an identifier each time a user submits a request for information. Additionally, an identifier string may become significantly long for nodes at higher levels of the network tree. However, if the computing system does not support stateful execution in which a table that includes a mapping of identifiers to company information can be saved, as described below, encoding identification numbers of companies along the full path may provide adequate protection of the identity of the companies.
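The four identifier derivations compared above can be checked for linkability on the supplier tree from the text. The following is an added example, not code from the patent: the root name "UserCo", the key and every record number except Acme Corp's "123" are constructed, and HMAC-SHA256 stands in for the unspecified encryption because only its determinism matters for the comparison.

```python
import hashlib
import hmac
from collections import defaultdict

KEY = b"constructed-demo-key"  # constructed; stands in for the server's secret

# Constructed record numbers; only Acme Corp's "123" appears in the text.
RECORD_ID = {"UserCo": "900", "Acme Corp": "123", "Cola Corp": "456",
             "Pico Corp": "789", "YoYo Corp": "321"}
USER_ID = RECORD_ID["UserCo"]  # the root node represents the user's company

# Each tree node is written as the path of company names from the root to it.
NODES = [
    ("UserCo",),
    ("UserCo", "Acme Corp"),
    ("UserCo", "Acme Corp", "Pico Corp"),
    ("UserCo", "Acme Corp", "YoYo Corp"),
    ("UserCo", "Cola Corp"),
    ("UserCo", "Cola Corp", "Acme Corp"),
    ("UserCo", "Cola Corp", "Acme Corp", "Pico Corp"),
    ("UserCo", "Cola Corp", "Acme Corp", "YoYo Corp"),
]


def _opaque(*record_ids):
    """Deterministic keyed transform: equal inputs always give equal identifiers."""
    message = "/".join(record_ids).encode()
    return hmac.new(KEY, message, hashlib.sha256).hexdigest()


def by_record(path):
    """Identifier derived from the entity's record number only."""
    return _opaque(RECORD_ID[path[-1]])


def by_record_and_user(path):
    """Identifier derived from the record number and the user's number."""
    return _opaque(USER_ID, RECORD_ID[path[-1]])


def by_record_and_parent(path):
    """Identifier derived from the record number and the parent's number."""
    return _opaque(*(RECORD_ID[name] for name in path[-2:]))


def by_full_path(path):
    """Identifier derived from every record number on the path from the root."""
    return _opaque(*(RECORD_ID[name] for name in path))


def linked_nodes(scheme):
    """Groups of distinct nodes that receive the same identifier."""
    groups = defaultdict(list)
    for path in NODES:
        groups[scheme(path)].append(path)
    return [group for group in groups.values() if len(group) > 1]


def inferred_parent_links(scheme):
    """Parent pairs with different identifiers whose children's identifiers coincide."""
    child_ids = defaultdict(set)
    for path in NODES[1:]:
        child_ids[path[:-1]].add(scheme(path))
    parents = sorted(child_ids)
    return [(a, b) for i, a in enumerate(parents) for b in parents[i + 1:]
            if scheme(a) != scheme(b) and child_ids[a] & child_ids[b]]


if __name__ == "__main__":
    for scheme in (by_record, by_record_and_user, by_record_and_parent, by_full_path):
        print(scheme.__name__, "linked groups:", len(linked_nodes(scheme)),
              "inferred parent links:", inferred_parent_links(scheme))
```

Only the full-path derivation leaves no two nodes sharing an identifier; the parent-based one separates the two Acme Corp nodes but still exposes them through their identical children.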
To manage the network identities using unique identifiers, the computing system maintains a table that includes a mapping of each identifier to information associated with the company represented by the node associated with the identifier. The table may be maintained in a memory of the computing system.
In some implementations, the computing system transmits a portion of a network tree to a remote client for display to a user based on requests received from the remote client. For example, the computing system transmits portions of a network tree to a remote client based on a user expanding the nodes of the network tree.
In
The user expands node 1202c by selecting the “+” symbol 1205c. The remote client transmits a request to the computing system for supplier information associated with node 1202c. The computing system assigns identifiers “3,” “4,” and “5” to the nodes 1202d, 1202g, and 1202h, respectively, corresponding to the request for supplier information associated with node 1202c, as shown in
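The mapping table and the expansion-order numbering can be sketched as a per-session server object. The following is an added example, not code from the patent: the class and function names, the root name "UserCo", the two unnamed suppliers, the root identifier "0" and the visibility policy (everything below Cola Corp is protected) are assumptions made for illustration.

```python
import itertools

# Constructed supplier graph; "Supplier G" and "Supplier H" are placeholder names.
SUPPLIERS = {
    "UserCo": ["Acme Corp", "Cola Corp"],
    "Acme Corp": ["Pico Corp", "YoYo Corp"],
    "Cola Corp": ["Acme Corp", "Supplier G", "Supplier H"],
}


def can_view(path):
    """Constructed policy: nodes reached through Cola Corp are protected."""
    return "Cola Corp" not in path[:-1]


class TreeSession:
    """Per-user session that hands out identifiers in order of expansion."""

    def __init__(self, root, suppliers, can_view):
        self._suppliers = suppliers
        self._can_view = can_view
        self._counter = itertools.count()
        self._table = {}     # identifier -> path; never leaves the server
        self._children = {}  # identifier -> child identifiers already issued
        self.root_id = self._mint((root,))

    def _mint(self, path):
        ident = str(next(self._counter))
        self._table[ident] = path
        return ident

    def _view(self, ident):
        # The protection decision is made on the server for every response.
        path = self._table[ident]
        return {"id": ident, "name": path[-1] if self._can_view(path) else None}

    def expand(self, ident):
        """Return the suppliers of a node; unknown identifiers are rejected."""
        if ident not in self._table:
            raise KeyError("unknown identifier")
        if ident not in self._children:  # re-expansion reuses issued identifiers
            path = self._table[ident]
            self._children[ident] = [
                self._mint(path + (name,))
                for name in self._suppliers.get(path[-1], [])
            ]
        return [self._view(child) for child in self._children[ident]]


def identifiers_after(expansion_order):
    """Expand the given node paths in order; return the path -> identifier map."""
    session = TreeSession("UserCo", SUPPLIERS, can_view)
    session.expand(session.root_id)
    for path in expansion_order:
        ident = next(i for i, p in session._table.items() if p == path)
        session.expand(ident)
    return {path: ident for ident, path in session._table.items()}


if __name__ == "__main__":
    session = TreeSession("UserCo", SUPPLIERS, can_view)
    print(session.expand(session.root_id))  # Acme Corp "1", Cola Corp "2"
    print(session.expand("2"))              # three protected nodes: "3", "4", "5"
```

Because the tree is unrolled one expansion at a time, a cyclic supplier graph needs no special handling, and the identifier a node receives depends only on when the user reached it.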
Referring to
Referring to
A number of implementations have been described. Nevertheless, it will be understood that various modifications may be made. For example, other methods described herein besides or in addition to that illustrated in
Claims
1. A method for managing network identities, the method comprising:
- generating, with a local computing system, a tree structure representing a network comprising a plurality of entities, the tree structure comprising a plurality of nodes, each node of the plurality of nodes representing an entity of the plurality of entities;
- identifying a first node and a second node of the tree structure each associated with a respective identification number;
- identifying a first order of expansion of the tree structure, including: i) expanding the tree structure at a first node to include a first expanded branch at the first node, the first expanded branch including a third node, ii) assigning a first identification number to the third node based on the first order of expansion;
- identifying a second order of expansion of the tree structure, including: i) expanding the tree structure at the second node to include a second expanded branch at the second node, the second expanded branch including a fourth node, ii) subsequent to expanding the tree structure at the second node, expanding the tree structure at the first node to include the first expanded branch at the first node, the first expanded branch including the third node; iii) assigning a second identification number to the third node based on the second order of expansion, the second identification number different than the first identification number;
- assigning a unique identifier to each of a fifth and a sixth node, the fifth and the sixth node representing the same entity, the fifth node distinct from the sixth node, the assigning including: encoding a first unique identifier for the fifth node by combining i) an identification number of the entity that is represented by the fifth and the sixth nodes and ii) identification numbers of entities associated with other nodes along a first path from a root node of the tree structure to the first node, wherein the first unique identifier is based on an order of the other nodes along the first path, the first path including the first node and third node, the identification number of the third node based on one of the first and the second identification numbers, encoding a second unique identifier for the sixth node by combining i) the identification number of the entity that is represented by the fifth and the sixth nodes and ii) the identification numbers of entities associated with the other nodes along a second path from a root node of the tree structure to the second node, wherein the second unique identifier is based on an order of the other nodes along the second path, the order of the other nodes along the first path is distinct from the order of the other nodes along the second path, the second path including the second node and the fourth node;
- decoding the first unique identifier to determine that the fifth node is an unprotected node, the unprotected node including identifying information associated with the entity;
- decoding the second unique identifier to determine that the sixth node is a protected node, the protected node concealing the identifying information associated with the entity; and
- transmitting, to a remote computing system, the unique identifier for the sixth node, and the identifying information for the fifth node.
2. The method of claim 1, further comprising:
- encrypting the first unique identifier and the second unique identifier.
3. The method of claim 1, further comprising:
- maintaining a mapping of each unique identifier to information about the entity associated with the node associated with the unique identifier.
4. The method of claim 1, further comprising:
- determining that a user of the remote computing system has permission to view identity information of the entity associated with the fifth node; and
- identifying the fifth node as being an unprotected node.
5. The method of claim 1, further comprising:
- determining that a user of the remote computing system does not have permission to view identity information of the entity associated with the sixth node; and
- identifying the sixth node as being a protected node.
6. The method of claim 1, wherein the at least one entity represented by more than one node of the plurality of nodes is associated with at least one protected node.
7. A non-transitory computer storage medium encoded with a computer program, the program comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- generating, with a local computing system, a tree structure representing a network comprising a plurality of entities, the tree structure comprising a plurality of nodes, each node of the plurality of nodes representing an entity of the plurality of entities;
- identifying a first node and a second node of the tree structure each associated with a respective identification number;
- identifying a first order of expansion of the tree structure, including: i) expanding the tree structure at a first node to include a first expanded branch at the first node, the first expanded branch including a third node, ii) assigning a first identification number to the third node based on the first order of expansion;
- identifying a second order of expansion of the tree structure, including: i) expanding the tree structure at the second node to include a second expanded branch at the second node, the second expanded branch including a fourth node, ii) subsequent to expanding the tree structure at the second node, expanding the tree structure at the first node to include the first expanded branch at the first node, the first expanded branch including the third node; iii) assigning a second identification number to the third node based on the second order of expansion, the second identification number different than the first identification number;
- assigning a unique identifier to each of a fifth and a sixth node, the fifth and the sixth node representing the same entity, the fifth node distinct from the sixth node, the assigning including: encoding a first unique identifier for the fifth node by combining i) an identification number of the entity that is represented by the fifth and the sixth nodes and ii) identification numbers of entities associated with other nodes along a first path from a root node of the tree structure to the first node, wherein the first unique identifier is based on an order of the other nodes along the first path, the first path including the first node and third node, the identification number of the third node based on one of the first and the second identification numbers, encoding a second unique identifier for the sixth node by combining i) the identification number of the entity that is represented by the fifth and the sixth nodes and ii) the identification numbers of entities associated with the other nodes along a second path from a root node of the tree structure to the second node, wherein the second unique identifier is based on an order of the other nodes along the second path, the order of the other nodes along the first path is distinct from the order of the other nodes along the second path, the second path including the second node and the fourth node;
- decoding the first unique identifier to determine that the fifth node is an unprotected node, the unprotected node including identifying information associated with the entity;
- decoding the second unique identifier to determine that the sixth node is a protected node, the protected node concealing the identifying information associated with the entity; and
- transmitting, to a remote computing system, the unique identifier for the sixth node, and the identifying information for the fifth node.
8. The non-transitory computer storage medium of claim 7, further comprising:
- generating a number by combining an identification number of the entity associated with the node and identification numbers of entities associated with nodes along a path from a root node of the tree structure to the node; and
- encrypting the first unique identifier and the second unique identifier.
9. The non-transitory computer storage medium of claim 7, further comprising:
- maintaining a mapping of each unique identifier to information about the entity associated with the node associated with the unique identifier.
10. The non-transitory computer storage medium of claim 7, further comprising:
- determining that a user of the remote computing system has permission to view identity information of the entity associated with the fifth node; and
- identifying the fifth node as being an unprotected node.
11. The non-transitory computer storage medium of claim 7, further comprising:
- determining that a user of the remote computing system does not have permission to view identity information of the entity associated with the sixth node; and
- identifying the sixth node as being a protected node.
12. The non-transitory computer storage medium of claim 7, wherein the at least one entity represented by more than one node of the plurality of nodes is associated with at least one protected node.
13. A system of one or more computers configured to perform operations comprising:
- generating, with a local computing system, a tree structure representing a network comprising a plurality of entities, the tree structure comprising a plurality of nodes, each node of the plurality of nodes representing an entity of the plurality of entities;
- identifying a first node and a second node of the tree structure each associated with a respective identification number;
- identifying a first order of expansion of the tree structure, including: i) expanding the tree structure at a first node to include a first expanded branch at the first node, the first expanded branch including a third node, ii) assigning a first identification number to the third node based on the first order of expansion;
- identifying a second order of expansion of the tree structure, including: i) expanding the tree structure at the second node to include a second expanded branch at the second node, the second expanded branch including a fourth node, ii) subsequent to expanding the tree structure at the second node, expanding the tree structure at the first node to include the first expanded branch at the first node, the first expanded branch including the third node; iii) assigning a second identification number to the third node based on the second order of expansion, the second identification number different than the first identification number;
- assigning a unique identifier to each of a fifth and a sixth node, the fifth and the sixth node representing the same entity, the fifth node distinct from the sixth node, the assigning including: encoding a first unique identifier for the fifth node by combining i) an identification number of the entity that is represented by the fifth and the sixth nodes and ii) identification numbers of entities associated with other nodes along a first path from a root node of the tree structure to the first node, wherein the first unique identifier is based on an order of the other nodes along the first path, the first path including the first node and third node, the identification number of the third node based on one of the first and the second identification numbers, encoding a second unique identifier for the sixth node by combining i) the identification number of the entity that is represented by the fifth and the sixth nodes and ii) the identification numbers of entities associated with the other nodes along a second path from a root node of the tree structure to the second node, wherein the second unique identifier is based on an order of the other nodes along the second path, the order of the other nodes along the first path is distinct from the order of the other nodes along the second path, the second path including the second node and the fourth node;
- decoding the first unique identifier to determine that the fifth node is an unprotected node, the unprotected node including identifying information associated with the entity;
- decoding the second unique identifier to determine that the sixth node is a protected node, the protected node concealing the identifying information associated with the entity; and
- transmitting, to a remote computing system, the unique identifier for the sixth node, and the identifying information for the fifth node.
14. The system of claim 13, further comprising:
- encrypting the first unique identifier and the second unique identifier.
15. The system of claim 13, further comprising:
- maintaining a mapping of each unique identifier to information about the entity associated with the node associated with the unique identifier.
16. The system of claim 13, further comprising:
- determining that a user of the remote computing system has permission to view identity information of the entity associated with the fifth node; and
- identifying the fifth node as being an unprotected node.
17. The system of claim 13, further comprising:
- determining that a user of the remote computing system does not have permission to view identity information of the entity associated with the sixth node; and
- identifying the sixth node as being a protected node.
18. The system of claim 13, wherein the at least one entity represented by more than one node of the plurality of nodes is associated with at least one protected node.
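The identifier scheme recited in the claims, as an added illustration that is not code from the patent or its assignee: each node's identifier is derived from the ordered entity identification numbers on the path from the root, so one entity appearing at two nodes receives two unrelated identifiers, and only the identifier is transmitted for a protected node. Assumptions: HMAC-SHA256 stands in for the encryption of claim 2 (a keyed one-way tag, not reversible encryption), and the key, tree, names and the functions `node_identifier`, `build_payload` and `can_view` are constructed for this example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret held only by the local system

# Constructed sample: entity 7 appears twice, once under entity 2 and once under entity 3.
NAMES = {1: "Root Org", 2: "Team A", 3: "Team B", 7: "Alice Example"}
TREE = {"entity": 1, "children": [
    {"entity": 2, "children": [{"entity": 7}]},
    {"entity": 3, "children": [{"entity": 7}]},
]}

def can_view(path):
    """Hypothetical permission rule: the remote user may not see anything under entity 3."""
    return 3 not in path

def node_identifier(path_ids, key=KEY):
    """Keyed tag over the ordered entity ids from the root to the node (own id last)."""
    encoded = "/".join(str(i) for i in path_ids).encode()
    return hmac.new(key, encoded, hashlib.sha256).hexdigest()

def build_payload(tree, names, permitted, key=KEY):
    """Return (records sent to the remote system, mapping kept on the local system)."""
    payload, mapping = [], {}

    def walk(node, prefix, parent_uid):
        path = prefix + [node["entity"]]
        uid = node_identifier(path, key)
        mapping[uid] = {"entity": node["entity"], "path": path}  # never transmitted
        record = {"id": uid, "parent": parent_uid}  # tree structure is preserved
        if permitted(path):
            record["identity"] = names[node["entity"]]  # unprotected node
        payload.append(record)  # protected node: identifier only
        for child in node.get("children", []):
            walk(child, path, uid)

    walk(tree, [], None)
    return payload, mapping

if __name__ == "__main__":
    sent, local = build_payload(TREE, NAMES, can_view)
    for rec in sent:
        print(rec["id"][:12], rec.get("identity", "<protected>"))
```

Because the two records for entity 7 carry different identifiers, the remote side cannot match the protected appearance to the unprotected one by comparing identifiers; resolving either back to the entity requires the local mapping of claim 3.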
Type: Grant
Filed: Aug 15, 2014
Date of Patent: Apr 18, 2017
Patent Publication Number: 20140359791
Assignee: SAP SE (Walldorf)
Inventor: Sunil Puri (Burnaby)
Primary Examiner: Brian Shaw
Application Number: 14/461,017
International Classification: G06F 21/62 (20130101); H04L 29/06 (20060101); H04L 12/44 (20060101);